Java’s ubiquity combined with its propensity to stay out of
date on a large chunk of its install base makes it an ideal target for
hackers. This is enough to ensure that whenever the subject of
third-party software vulnerabilities crops up for discussion, Java is
somewhere at the top of the ensuing list of those most vulnerable.
According to the latest volume of Microsoft’s Security Intelligence Report, Java was responsible for the largest number of attacks in the first half of 2011.
During this period, attackers mounted millions of attacks to
exploit the large number of vulnerabilities present in Java Runtime
Environment (JRE), Java Virtual Machine (JVM), and Java SE in the Java
Development Kit (JDK). If we go back even further to the start of the
third quarter of 2010, Microsoft’s antimalware technologies came
face to face with as many as 27 million attacks targeting Java
vulnerabilities from then to the end of the second quarter of 2011. That
leaves us with a quarterly average as high as 6.9 million during that
one-year period.
“Many of the more commonly exploited Java vulnerabilities are several years old, and have had security updates available for them for years,” wrote Tim Rains, a director at Microsoft's Trustworthy Computing Group, in a blog post Tuesday. “This illustrates that once attackers develop or buy the capability to exploit a vulnerability, they continue to use the exploit for years, presumably because they continue to get a positive return on investment.”